46824a0ee8968d9082af34c10fc29be8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46824a0ee8968d9082af34c10fc29be8_JaffaCakes118
Size

518KB
MD5

46824a0ee8968d9082af34c10fc29be8
SHA1

8f5a5419021317466d71c0d4955f909041bd7539
SHA256

287a71b52a4cefb603b6b591b350de95cf3f18c850472b069676c2e467b6115b
SHA512

cc4b91036c7421aef82b5fd154cbfead81f9b9181663c4e0afa7b0beb434f27091ab2427c9ffb9c7001860ff218622fc852b63ca55d2705268d05a8b9a6c4cea
SSDEEP

12288:6Nud/LDfWfHGj6RYrEsd0VCsWBR7X6BD:6NE/nbj4AdyCZR7Xi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46824a0ee8968d9082af34c10fc29be8_JaffaCakes118

Files

46824a0ee8968d9082af34c10fc29be8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e14f35f4b43dfbf4ebbc3aa98d0feb68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

IsEqualGUID

comctl32

_TrackMouseEvent

urlmon

CoInternetCreateZoneManager

wininet

InternetSetOptionA

shell32

ShellExecuteExA

comdlg32

GetOpenFileNameA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 501KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE